Ubuntu Linux install and configure OpenSSH (SSHD) server

I am totally impressed with the new Ubuntu Linux server. The default installation did not install a single service 🙂

This gives pretty good control over the box. The following command returned nothing:
$ sudo netstat -tulpn

However, sshd is the bare minimum these days and it should be installed by default.

To install the openssh server, type the following command:
$ sudo apt-get install openssh-server

Make sure openssh is running:
$ netstat -tulpn
Output:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::22                   :::*                    LISTEN     3458/sshd

Now we will tighten openssh security. First change the default port 22 to something else, such as 512. This keeps automated tools that try to log in on the default port away from your box:
$ sudo su -
# vi /etc/ssh/sshd_config

Find the line that reads as follows:
Port 22
Replace port 22 with 512:
Port 512
Save and close the file. Restart sshd:
# /etc/init.d/ssh restart
Output:

 * Restarting OpenBSD Secure Shell server... 

Finally make sure you open port 512 using iptables. Type the following command to list current firewall rules:
$ sudo iptables -L -n
Output:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:6881:6882
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514
ACCEPT     all  --  192.168.1.100        0.0.0.0/0
ACCEPT     all  --  192.168.1.101        0.0.0.0/0
ACCEPT     all  --  192.168.1.102        0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Use a GUI program such as firestarter to manage and open port 22 (ssh port).
$ sudo firestarter &
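
The check behind the last two steps, as an added example that is not part of the original article: it reads the Port lines from an sshd_config file and confirms that the INPUT chain of a saved `iptables -L -n` listing has a tcp ACCEPT rule for each one. The function names and the sample sshd_config are assumptions; the sample rules are the tcp/udp rows and final DROP from the listing above, which has no rule for port 512.

```shell
# Added example: names and sample files below are assumptions, not the article's.

# Print each Port value set in sshd_config file $1 (22 if none is set).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if the INPUT chain in the `iptables -L -n` listing saved in file $2
# accepts tcp destination port $1 from any source before the final DROP.
# "all"-protocol rows are ignored: without -v their interface is not shown.
input_accepts_tcp() {
    awk -v port="$1" '
        $1 == "Chain" { in_input = ($2 == "INPUT"); next }
        !in_input { next }
        $1 == "DROP" && $2 == "all" && NF == 5 { exit }   # later rules never match
        $1 != "ACCEPT" || $2 != "tcp" || $4 != "0.0.0.0/0" { next }
        {
            for (i = 6; i <= NF; i++) {
                if ($i == "dpt:" port) ok = 1
                if ($i ~ /^dpts:/) {
                    split($i, r, ":")
                    if (port + 0 >= r[2] + 0 && port + 0 <= r[3] + 0) ok = 1
                }
            }
        }
        END { exit !ok }
    ' "$2"
}

# Report every configured sshd port; return 1 if any lacks an ACCEPT rule.
check_ssh_firewall() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if input_accepts_tcp "$p" "$2"; then echo "port $p: open"
        else echo "port $p: no tcp ACCEPT rule in INPUT"; rc=1; fi
    done
    return $rc
}

# Sample input: a constructed sshd_config and rows from the INPUT chain above.
tmp=$(mktemp -d)
printf '#Port 22\nPort 512\n' > "$tmp/sshd_config"
cat > "$tmp/rules" <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:6881:6882
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514
DROP       all  --  0.0.0.0/0            0.0.0.0/0
EOF
check_ssh_firewall "$tmp/sshd_config" "$tmp/rules" || true
```

On a live system, pass /etc/ssh/sshd_config and the output of `sudo iptables -L -n` saved to a file.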

Updated for accuracy.


25 comments
  • hejmiki Sep 10, 2010 @ 15:06

    I think there is another TYPO

    correct me if I’m wrong
    You set up Port 22 –> Port 512

    and then in your output of sudo iptables -L -n
    there is no rule for accepting tcp on Port 512 but there is Port 514 (udp)

  • trioggle Jun 2, 2010 @ 2:05

    Firestarter is a firewall gui, putty is a shell client.

  • Melroy van den Berg May 21, 2010 @ 21:33

    You can also try putty, I prefer that more than firestarter.

  • Dmitry Apr 12, 2010 @ 8:16

    I had the same problem.
    All you need to do is to update your system:
    >sudo aptitude update

  • Samuel Berryman Feb 27, 2010 @ 12:46

    I have just installed Ubuntu 9.10 and it is all working fine! However when I try to install openssh like it tells me to above I get the following error:

    Reading Package Lists… Done
    Building dependency tree
    Reading state information… Done
    package openssh-server is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source
    E: Package openssh-server has no installation candidate

    I don’t know why it is doing this and really could do with some help please!

  • I can't see to get this working Jan 28, 2010 @ 10:28

    Hi,
    I tried installing Ubuntu Server 8.10, and I tell you, installation went just fine. I get stuck on the part where you need to configure /etc/network/interfaces, because I need the server to have a static IP. I have an ADSL connection, and IPs are assigned by the modem/router (Thompson SpeedTouch). IPs are configured as “start 10.0.0.34 – end 10.0.0.134” “sbnetmask 255.255.255.0”; that’s in the modem/router, and obviously it gives me the router IP number. Now, if I want to assign a static IP to the server it should be something like “10.0.0.3” SM “255.255.255.0”, and what are Broadcast, Network and some others that have to be edited with “VIM”? I mean, I’m from Windows XP, and I want to host my own web page and mail server, plus some file sharing locally, maybe log on remotely… that’s all I want; but this part is killing me. Anyone willing to help please? Thanks in advance.

  • Japan Shah Jul 6, 2009 @ 5:15

    Thanks it works !!!

  • ssh_user Apr 7, 2009 @ 20:51

    Ubuntu 8.10 64 bits, no firewall active.
    After changing ssh listening port from 22 to 2223, connecting fails, see dump below.
    Can somebody explain what can cause a ‘Read from socket failed: Connection reset by peer’. The question is in several forums, couldn’t find answers yet.

    dump:

    jaap@jaap-laptop:~$ ssh -p 2223 jaap@localhost -vvv
    OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [127.0.0.1] port 2223.
    debug1: Connection established.
    debug1: identity file /home/jaap/.ssh/identity type -1
    debug1: identity file /home/jaap/.ssh/id_rsa type -1
    debug1: identity file /home/jaap/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-3ubuntu1
    debug1: match: OpenSSH_5.1p1 Debian-3ubuntu1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    Read from socket failed: Connection reset by peer

  • El Perro Loco Jan 2, 2009 @ 14:44

    Good article. Short, complete and to the point.
    Thanks.

  • loh Mar 22, 2008 @ 15:05

    First time installing ubuntu 7.10. This was very helpful.

  • brandon Oct 29, 2007 @ 3:40

    I can ssh from ubuntu to osX, but not from osX to ubuntu. I had the same situation where I could go from winXP to osX, but not the other way. Since it works ubuntu to osX does that mean I need to switch the dsa keys around, or do they work both ways? So, it seems like the problem must be in ubuntu’s firewall or the router’s port forwarding. When I set up port forwarding I feel like I should open port 22 for the mac’s ip if I want to get into the mac. Strangely that doesn’t work, but when I open port 22 for 192.168.0.1 (the router’s ip) then I can ssh into the mac. I want to have SAMBA and VNC forwarded over ssh. I want the ubuntu to be headless but then I want to open VLC on the mac and watch a movie from the ubuntu. Once long ago I was able to get VNC to work both ways with a mac and a win2k machine. I don’t know what I’m doing wrong.

  • sungmin Jun 17, 2007 @ 20:09

    What is the difference between logging in with login and password and with PUB key? Also what if I have 10 users who need to log in to my Linux box, what is the best way for them to log in? With login and password or with PUB KEYS?

  • Markku Apr 1, 2007 @ 20:42

    I can’t get it to work. When I try to run openssh-server it just says fail.

  • 🐧 nixCraft Mar 30, 2007 @ 3:20

    xain,

    It was a typo and the post has been updated. Thanks for the heads up.

  • xain Mar 29, 2007 @ 14:05

    What is the point, after changing the port from 22 to 512, of still making sure iptables opens port 22?

  • Cappy Feb 27, 2007 @ 9:12

    The problem was that I ran “/etc/init.d/ssh restart” as a user and not as an admin. It ended up giving a bunch of RSA errors and somehow prevented the system from switching ports when I then ran it from root. A simple reboot fixed it. Thanks for the guide!

  • Fulano Feb 27, 2007 @ 7:38

    I followed the instructions and I seem to be going alright, I can ssh locally as another user but I cannot seem to log in from remote locations, just seems to time out. Any ideas?

  • 🐧 nixCraft Feb 15, 2007 @ 4:17

    Make sure the firewall is not blocking your port 30000. Run the following command to see the current iptables rules.
    sudo iptables -L -n
    OR
    iptables -L -n

    Also /etc/hosts.allow and /etc/hosts.deny can block access.

  • Cappy Feb 15, 2007 @ 0:56

    Hm … I can SSH into my server when the port is set to 22 but as soon as I set it up to a high number (30,000) and restart the ssh server all I get are server rejections. ssh -p 30000 cappy@127.0.0.1 just won’t work =(

  • 🐧 nixCraft Feb 1, 2007 @ 22:01

    neon.

    What error are you getting?

  • neon Jan 31, 2007 @ 7:49

    Well it seems to match. However SSH still isn’t working.

  • Gabe Nov 30, 2006 @ 21:01

    Hey! This is exactly what I was looking for. Thanks so much!

  • 🐧 nixCraft Nov 12, 2006 @ 12:29

    Rich,

    Thanks for the heads up! Article is updated!!!

  • rich Nov 12, 2006 @ 11:30

    shouldn’t package name be openssh-server, hyphen is in wrong place?

  • alex Nov 9, 2006 @ 14:19

    short but to the point and of use!
